CVE-2015-6908

Published: Sep 11, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

76714

vdb-entry

x_refsource_BID

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

x_refsource_CONFIRM

http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf

x_refsource_CONFIRM

https://support.apple.com/HT205637

x_refsource_CONFIRM

openSUSE-SU-2016:0255

vendor-advisory

x_refsource_SUSE

SUSE-SU-2016:0224

vendor-advisory

x_refsource_SUSE

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629

x_refsource_CONFIRM

DSA-3356

vendor-advisory

x_refsource_DEBIAN

APPLE-SA-2015-12-08-3

vendor-advisory

x_refsource_APPLE

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

x_refsource_CONFIRM

USN-2742-1

vendor-advisory

x_refsource_UBUNTU

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240

x_refsource_CONFIRM

RHSA-2015:1840

vendor-advisory

x_refsource_REDHAT

1033534

vdb-entry

x_refsource_SECTRACK

openSUSE-SU-2016:0261

vendor-advisory

x_refsource_SUSE

SUSE-SU-2016:0262

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2016:0226

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-6908

Description

Affected Products

References